Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

need serious help


  • Please log in to reply
4 replies to this topic

#1 Gugnir

Gugnir

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 02 May 2005 - 05:01 AM

Hey i've just formatted my pc. I now have 3 user accounts. On 2 of the three i had the problem with the sscs.exe file, alright, thats fixed.
But now on the 3th account i'm just constantly under attack, every half second "media software UPdate" tries to put that sscs.exe file back.
I already searched a 100 sites, all did what they told me.
The registry keys are removed, the "nortan2122" file also (although it keeps coming back sometimes)

Im using Ad-Aware's Ad-Watch and this is it log:
===============================================
2-5-2005 11:52:58 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:Media Software UPdater
Data:sscs.exe
New Data:

(x10000000000000000000 times)

the icon of ad-watch is beeping constantly saying that it keeps trying though i thought i removed all of it :thumbsup:

PLZ HELP!

BC AdBot (Login to Remove)

 


#2 Rimmer

Rimmer

  • Members
  • 2,159 posts
  • OFFLINE
  •  
  • Location:near Sydney, Australia
  • Local time:11:30 PM

Posted 02 May 2005 - 06:47 AM

from this site's startup database:
Name: Media Software UPdater
Filename: sscs.exe
Description: Added by a variant of the Rbot worm. This worm, when started, connects to IRC servers where it sits in a desginated channel waiting for commands from a remote user.


First shot at removal is to follow these instructions:
Is your Anti-virus program current and updated? If not you can download a free anti-virus program here (US Link): AVG Free
When you have downloaded and installed it you need to go online to register it and update it. (It will probably prompt you to do this.)
Once you have installed AVG uninstall your old Anti-Virus software.

Do you have any anti-spyware installed? If not download and update all of the following:Reboot your computer in Safe Mode and run the anti-virus scan and anti-spyware scans there.
If you are not sure how to boot in Safe Mode there is a tutorial here:
Safe Mode

See if that helps :thumbsup:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#3 Kay

Kay

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 25 May 2005 - 02:18 PM

this is the exact same thing that I have..

but only.. im allready in Safemode.. cause normal windows crashes everytime..

#4 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:08:30 AM

Posted 25 May 2005 - 07:41 PM

Try using the rest of these:

Anti-malware freeware (You can run as many of these as you wish. Generally there is no conflict between these and you should always run several)

Microsoft Antispyware Beta: http://www.microsoft.com/athome/security/s...re/default.mspx

Microsoft Malicious Software Removal Tool (Win XP and Win 2000):
http://www.microsoft.com/security/malwareremove/default.mspx

Zerospyware (recommended by Microsoft Security) Windows 98/Me/2000/XP
http://www.download.com/ZeroSpyware-Limite...feed&jump=winmp

CWShredder from InterMute
CW Shredder removes some variants of spyware known as the Coolwebsearch Trojan. The Trojan takes advantage of a flaw in a key component of Windows -- Microsoft's version of the Java Virtual Machine -- to install itself via popups often found on porn and illegal software (a.k.a. "warez") sites. Run CWShredder after installing, and have it look for updates. Then click the "Fix" button, and the program will both scan and fix any problems it finds. If your system does not have this kind of spyware, it will give you the good news.
Cost: Freeware
http://www.intermute.com/spysubtract/cwshr...r_download.html

#5 Rimmer

Rimmer

  • Members
  • 2,159 posts
  • OFFLINE
  •  
  • Location:near Sydney, Australia
  • Local time:11:30 PM

Posted 25 May 2005 - 10:07 PM

I suggest you get expert help by posting an HJT log. Please read the pinned posts 'How to use this Forum' and 'How to post a HighJack This log' at the top of this forum:
http://www.bleepingcomputer.com/forums/Hij...alysis-f22.html

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users